Back to Home

Privacy Policy

Last updated: 2025-11-10

1. Introduction

This Privacy Policy explains how Tabhaven ("we," "us," or "our") collects, uses, and protects your personal information when you use our browser tab management service ("Service").

2. Information We Collect

2.1 Account Information

  • Email address (for authentication and communications)
  • Account creation and last login timestamps
  • Waitlist status (if applicable)

2.2 Tab and Organization Data

  • Browser tab URLs, titles, and metadata
  • Groups (folders) you create, including hierarchical structure
  • Tags and their associations with tabs
  • Workspaces and workspace settings
  • Archive and trash status of tabs
  • Private Groups: Password-protected groups and their encrypted passwords
  • Shared Collections: Public sharing links (PSKs) and optional password protection

2.3 Technical Information

  • IP address and general location (for security and analytics)
  • Browser type and version
  • Device information and screen resolution
  • Usage patterns and feature interactions
  • Error logs and performance metrics
  • Sync timestamps and device identifiers

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Sync your tabs, groups, and workspaces across devices in real-time
  • Enable search functionality across your tab collections
  • Manage private groups and password protection
  • Generate and validate secure sharing links
  • Send authentication magic links via email
  • Send important service-related communications
  • Improve Service performance and user experience
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Password Protection and Security

Private Groups: When you password-protect a group:

  • Passwords are hashed using bcrypt on our servers before storage
  • We store only the hashed password, not the plaintext
  • Password verification happens server-side for security
  • Private groups and their contents are excluded from search results

Shared Links: When you share a group:

  • Unique, cryptographically secure PSK tokens are generated
  • Optional passwords are hashed before storage
  • You can deactivate or delete shares at any time

5. Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and users' safety.

6. Data Storage and Security

6.1 Where We Store Data

  • Primary data centers in the European Union

7. Data Retention

We retain your data as follows:

  • Account Data: Until account deletion, plus 30 days for account recovery
  • Tabs and Groups: Until you delete them or close your account
  • Trash: Soft-deleted tabs are retained based on your auto-delete settings (default: 30 days)
  • Archived Tabs: Retained indefinitely until you delete them
  • Shared Links: Until you delete them or close your account
  • Usage Analytics: Aggregated data for up to 24 months

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a structured format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for data processing

To exercise these rights, contact us at [email protected]

9. Cookies and Tracking

We use minimal cookies for:

  • Authentication and session management (essential)
  • CSRF protection tokens (essential)
  • User preferences and settings (functional)
  • Workspace selection (functional)
  • Basic analytics to improve the Service (analytical)

We do not use advertising cookies or track users across other websites.

10. Children's Privacy

The Service is not intended for users under 16 years old. We do not knowingly collect personal information from children under 16. If we discover such information, we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries outside the EU/EEA. When this occurs, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

12. Changes to This Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top indicates when changes were made.

14. Contact Information

For privacy-related questions or requests, contact us:

By using Tabhaven, you acknowledge that you have read and understood this Privacy Policy and agree to our data processing practices as described.

Back to Home Terms of Service →